[Freeipa-users] Expired Certs

John Williams john.1209 at yahoo.com
Thu Apr 16 19:18:10 UTC 2015


[ snip ]




> 
> [root at ipa ~]# date
> Thu Apr 10 00:13:51 EDT 2014
> [root at ipa ~]# /etc/init.d/certmonger restart
> Stopping certmonger:                                      [  OK  ]
> Starting certmonger:                                      [  OK  ]
> [root at ipa ~]# 

You are going way too far back in time AFAICT. The certs expired on April
5 of this year so you don't need to go back to 2014. Just go back to
April 3 or 4.

You'll also need to restart IPA before kicking certmonger: ipactl restart

rob

Thanks Rob,
Following your advice, it looks like only one of the eight certificates is now monitoring. Check out the following:

[root at ipa ~]# getcert list | grep -A1 status
    status: CA_UNREACHABLE
    ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
    status: CA_UNREACHABLE
    ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
    status: CA_UNREACHABLE
    ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
    status: CA_UNREACHABLE
    ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
    status: CA_UNREACHABLE
    ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
    status: CA_UNREACHABLE
    ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
--
    status: CA_UNREACHABLE
    ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
--
    status: MONITORING
    ca-error: Server at https://ipa.infra.idef/ipa/xml denied our request, giving up: 2100 (RPC failed at server.  Insufficient access: hostname in subject of request 'ipa.infra.idef' does not match principal hostname 'ipa').

How can I get the remaining certs fixed as well?  Thanks in advance.
 